Geo auth is 100% controlled by UIWebView, so it's almost certain the only thing that we can do is file a Radar.
WKWebView doesn't delegate these either (which we have an existing Radar for), so I don't think we can do anything there either.

About the security content of iOS 9.3
https://support.apple.com/en-us/HT206166
WebKit
Available for: iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later
Impact: Visiting a maliciously crafted website may reveal a user's current location
Description: An issue existed in the parsing of geolocation requests. This was addressed through improved validation of the security origin for geolocation requests.
CVE-ID
CVE-2016-1779 : xisigr of Tencent's Xuanwu Lab (http://www.tencent.com)